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REMARKS 

This Amendment and Response and the following remarks are intended to fully respond 
to the Final Office Action mailed July 14, 2009. In that Office Action, claims 1, 3-16, 18-20, 
and 22 were examined, and all were rejected. Specifically, claims 1,3-16, 18-21, and 22 were 
rejected under 35 U.S.C. § 103(a) as allegedly being unpatentable over U.S. Patent No. 
6,801,998 to Hanna et al. (hereinafter, "Hanna) in view of U.S. Patent No. 7,068,789 to Huitema 
et al. (hereinafter, "Huitema"). Reconsideration of these rejections, as they might apply to the 
original and amended claims in view of these remarks, is respectfully requested. 

In this Amendment and Response, claims 1, 3-7, 9-10, 12, 14-16, 19, and 22 have been 
amended. Claims 2, 17, and 21 remain cancelled without prejudice. No claims have been added. 
Therefore, claims 1,3-16, 18-20, and 22 remain present for examination. This application is in 
condition for allowance, and such action is respectfully requested. 

Claim Rejections - 35 U.S.C. § 103(a): 1, 3-16. 18-20. & 22 

Claims 1, 3-16, 18-21, and 22 were rejected 35 U.S.C. § 103(a) as allegedly being 
unpatentable over Hanna in view of Huitema. The Applicants respectfully disagree and traverse 
these § 103(a) rejections. To establish a prima facie case of obviousness, the references must 
teach or suggest each and every one of the claim elements to one of ordinary skill in the art at the 
time the invention was made. See MPEP §§ 2142, 2143.03; In re Wilson, 424 F.2d 1382, 1385 
(C.C. PA. 1970). In addition, KSR International Company v. Teleflex, Inc., Ill S. Ct. 1727, 
1741 (2007), requires that there "must be some articulated reasoning with some rational 
underpinning to support the legal conclusion of obviousness." (Emphasis added.) Further, "[A] 
patent composed of several elements is not proved obvious merely by demonstrating that each of 
its elements was, independently, known in the prior art." KSR Int'l Co., Ill S. Ct. at 1741. 
Specifically, the references fail to teach or suggest all of the claimed elements. 

For example, with respect to claim 1 , Hanna fails to teach or suggest at least the 
following: 



creating group identity information; 
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selecting a first subset of the group identity information to include in a 
first group identity information document for disclosure to a first receiving 
system; 

selecting a second subset of the group identity information to include in a 
second group identity information document for disclosure to a second receiving 
system, wherein the second subset is different from the first subset, and wherein 
the second receiving system is different from the first receiving system; 

generating a first group-signed group identity information document 

comprising the first subset of the group identity information, an embedded use 
policy that expresses a privacy policy providing instructions as to how the first 
subset of the group identity information may be used, wherein the embedded use 
policy is stored with the first subset of the group identity information, at least a 
first key, and a first group identity information document signature signed by a 
group owner using a second key associated with the first key, wherein the second 
key is a private key of the group and is owned by the group owner; 

sending the first group-signed group identity information document to the 
first receiving system to establish the new group identity at the first receiving 
system. 

Claim 1, supra (as amended) (emphasis added). 

Hanna relates generally to providing client access to a service or resource through an 
application server. Hanna, at 3:9-11. Specifically, Hanna teaches that the applicant desiring 
access does not have information regarding the groups that have access privileges to the desired 
service or resource. Hanna states, "In a preferred embodiment, the applicant is required to prove 
membership within a group having the requisite privileges to obtain access to the service or 
resource without receipt of intelligible information from the application server regarding the 
identification of the group or groups having access privileges." Hanna, at 3:12-1 7 (emphasis 
added). By not having information regarding the "identification of the group or groups having 
access privileges," for example, Hanna necessarily teaches away from at least claim 1 's ". . . 
selecting a first subset of the group identity information to include in a first group identity 
information document for disclosure to a first receiving system" ". . . selecting a second subset 
of the group identity information to include in a second group identity information document for 
disclosure to a second receiving system, wherein the second subset is different from the first 
subset, and wherein the second receiving system is different from the first receiving system," and 
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". . . generating a first group-signed group identity information document comprising the first 
subset of the group identity information, an embedded use policy that expresses a privacy policy 
providing instructions as to how the first subset of the group identity information may be used, 
wherein the embedded use policy is stored with the first subset of the group identity information 
. . . ." (Emphasis added.) Rather, Hanna provides that in response to a request for service, "the 
application server transmits an encrypted message to the client which includes an identification 
of the group or groups having a right of access to the service requested by the client." Hanna, at 
3:17-21 (emphasis added). Accordingly, Hanna provides no teaching or suggestion, for 
example, of "selecting" a "first subset" of the group identity information to include in a first 
group identity information document "for disclosure to a first receiving system" or of "selecting" 
a "second subset" of the group identity information to include in a second group identity 
information document "for disclosure to a second receiving system" such that the second subset 
is different from the first subset and the second receiving system is different from the first 
receiving system. Instead, the applicant in Hanna does not even know the groups that have 
access privileges, and any identification is provided in an encrypted manner. As such, Hanna 
fails to teach or suggest each and every limitation of claim 1 . 

Further, Huitema fails to cure the deficiencies of Hanna. Huitema relates in 
embodiments to providing peer-to-peer communications. Huitema, at 2:58-67. In an 
embodiment, Huitema provides for establishing security through the use of public and private 
keys: "The keeper of the ID's private key uses the certificate to attach additional information to 
the ID, such as the IP address, friendly name, etc. Preferably, each node generates its own pair 
of a private-public keys, although such may be provided by a trusted supplier. The public key is 
then included as part of the node identifier." Huitema, at 8:62-67. Huitema therefore fails to 
teach or suggest, for example, ". . . selecting a first subset of the group identity information to 
include in a first group identity information document for disclosure to a first receiving system;" 
". . . selecting a second subset of the group identity information to include in a second group 
identity information document for disclosure to a second receiving system, wherein the second 
subset is different from the first subset, and wherein the second receiving system is different 
from the first receiving system;" or "generating a first group-signed group identity information 
document comprising the first subset of the group identity information, an embedded use policy 
that expresses a privacy policy providing instructions as to how the first subset of the group 
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identity information may be used, wherein the embedded use policy is stored with the first subset 
of the group identity information . . . ." Huitema thus fails to cure the deficiencies of Hanna. 

Accordingly, Hanna in view of Huitema fail to teach or suggest each and every limitation 
of claim 1 , and allowance of this claim is respectfully requested. While the above discussion 
shows that Hanna in view of Huitema fail to teach or suggest each and every limitation of claim 
1, amendments to claim 1 are made in the interest only of forwarding the prosecution of this 
application to allowance and are not necessarily made to address the Office Action's rejections 
based on the cited references. Amendments are therefore made without prejudice. Because 
claims 3-8 depend on allowable base claim 1, these claims are also allowable, and such action is 
also respectfully requested. As such, any remaining arguments supporting the rejections of these 
claims are not acquiesced to even though they are not addressed herein. 

In addition, for at least the reasons set forth above, Hanna in view of Huitema fail to 
disclose or suggest each and every limitation of claims 9 and 16. For example, Hanna in view of 
Huitema fail to teach or suggest at least the following: 

a group ID generate module generating a group certificate comprising at 
least a public key, a digital signature for the group, and an embedded use policy 
that expresses a privacy policy providing instructions as to how a first subset of 
group identity information may be used at a first receiving system, wherein the 
embedded use policy is stored with the first subset of group identity information 
and wherein the first subset of group identity information is selected from group 
identity information for disclosure to the first receiving system and a second 
subset of group identity information is selected from the group identity 
information for disclosure to a second receiving system, the first subset being 
different from the second subset; and 

a send module transmitting the group certificate to establish the new group 
identity at the first receiving system. 

Claim 9, supra (as amended) (emphasis added). 



generating at the initiating system a group certificate comprising at least a 
group use policy that expresses a privacy policy providing instructions as to how 
a first subset of group identity information may be used at the first receiving 
system, wherein the embedded use policy is stored with the first subset of group 
identity information, a group public key and a digital signature for the group 
signed with a group private key associated with the group public key, and wherein 
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the first subset of group identity information is selected from group identity 
information for disclosure to the first receiving system and a second subset of 
group identity information is selected from the group identity information for 
disclosure to a second receiving system, the first subset being different from the 
second subset; 

sending the group certificate to the first receiving system to establish the 
new group identity at the first receiving system; 

sending a membership certificate to the first receiving system to establish 
an originator as a member of the new group at the first receiving system; 

generating a personal certificate having at least a public key of the 
originator, a personal use policy that expresses a personal privacy policy 
providing instructions as to how personal identity information may be used, 
wherein the embedded personal use policy is stored with the personal identity 
information, and a digital signature for the originator signed by the originator with 
a private key associated with the public key of the originator; and 

sending the personal certificate to establish the personal identity of the 
originator at the first receiving system. 

Claim 16, supra (as amended) (emphasis added). 



Accordingly, Hanna in view of Huitema fail to teach or suggest each and every limitation 
of claims 9 and 16, and allowance of these claims is respectfully requested. While the above 
discussion shows that Hanna in view of Huitema fail to teach or suggest each and every 
limitation of claims 9 and 16, amendments to claims 9 and 16 are made in the interest only of 
forwarding the prosecution of this application to allowance and are not necessarily made to 
address the Office Action's rejections based on the cited references. Amendments are therefore 
made without prejudice. Because claims 10-15, 18-20, and 22 depend on allowable base claims 
9 and 16, respectively, these claims are also allowable, and such action is also respectfully 
requested. As such, any remaining arguments supporting the rejections of these claims are not 
acquiesced to even though they are not addressed herein. 

For at least the above reasons, claims 1, 9 and 16 are allowable. Dependent claims 3-8, 
10-15, 18-20, and 22 are also allowable for reciting further limitations of allowable base claims 
1, 9, and 16, respectively. Accordingly, this application is in condition for allowance, and such 
action is respectfully requested. 
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Conclusion 

This Amendment and Response fully responds to the Final Office Action mailed July 14, 
2009. Still, the Office Action may contain arguments and rejections that are not directly 
addressed by this Amendment and Response because they are rendered moot in light of the 
preceding arguments in favor of patentability. Hence, the failure, if any, of this Amendment and 
Response to directly address an argument and/or comment raised in the Office Action should not 
be taken as an indication that the Applicant believes the argument and/or comment has merit. 
Additionally, the failure, if any, to address statements/comments made by the Examiner does not 
mean that the Applicants acquiesce to such statements or comments. Furthermore, the claims of 
the present application may include other elements, not discussed in this Amendment and 
Response, which are not shown, taught, or otherwise suggested by the art of record. 
Accordingly, the preceding arguments in favor of patentability are advanced without prejudice to 
other bases of patentability. 

It is believed that no fees are due with this Amendment and Response. However, the 
Commissioner is hereby authorized to charge any deficiencies or credit any overpayment with 
respect to this patent application to deposit account number 13-2725. 

In light of the above remarks and amendments, the application is in condition for 
allowance and such action is respectfully requested. Should any additional issues need to be 
resolved, the Examiner is respectfully requested to telephone the undersigned to attempt to 
resolve those issues. 

Respectfully submitted, 

/Elizabeth J. Reagan/ 

Elizabeth J. Reagan, Reg. No. 57,528 
Merchant & Gould P.C. 
P.O. Box 2903 

Minneapolis, MN 55402-0903 
(303) 357-1644 



Dated: November 16. 2009 
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